A Terraform provider to manage Okta resources, enabling infrastructure-as-code provisioning and management of users, groups, applications, and other Okta objects.
Please vote on this issue by adding a π reaction to the original issue to help the community and maintainers prioritize this request
Please do not leave "+1" or other comments that do not add relevant new information or questions, they generate extra noise for issue followers and do not help prioritize the request
If you are interested in working on this issue or have submitted a pull request, please leave a comment
Terraform Version
Terraform v1.9.8
on darwin_arm64
+ provider registry.terraform.io/okta/okta v4.11.0
β Error: failed to update default MFA policy: the API returned an error: Cannot modify the priority attribute because it is read-only.
β
β with okta_policy_mfa_default.default_policy,
β on mfa.tf line 25, in resource "okta_policy_mfa_default" "default_policy":
β 25: resource "okta_policy_mfa_default" "default_policy" {
β
Panic Output
Expected Behavior
The default MFA policy should not error during updates.
Can this be done in the Admin UI?
No
Can this be done in the actual API call?
I don't know
Actual Behavior
The default MFA policy errors out due to priority being passed.
Steps to Reproduce
terraform apply
Add another mfa policy either via the UI
terraform apply
Remove the newly added policy via the UI
terraform apply
Update the terraform to have a modification on the default MFA policy. (Change something from required to optional or not allowed)
terraform apply
Step 7 should error out.
Any changes that cause the priority value in the terraform state to differ from what is actually returned via the API for policies seems to trigger the error condition.
Community Note
Terraform Version
Affected Resource(s)
Terraform Configuration Files
Debug Output
β Error: failed to update default MFA policy: the API returned an error: Cannot modify the priority attribute because it is read-only. β β with okta_policy_mfa_default.default_policy, β on mfa.tf line 25, in resource "okta_policy_mfa_default" "default_policy": β 25: resource "okta_policy_mfa_default" "default_policy" { β
Panic Output
Expected Behavior
The default MFA policy should not error during updates.
Can this be done in the Admin UI?
No
Can this be done in the actual API call?
I don't know
Actual Behavior
The default MFA policy errors out due to priority being passed.
Steps to Reproduce
terraform apply
terraform apply
terraform apply
terraform apply
Step 7 should error out.
Any changes that cause the priority value in the terraform state to differ from what is actually returned via the API for policies seems to trigger the error condition.
Important Factoids
References
0000